
AI Security Operations Center

Category: security (imported)
Installation
$ npx agenticloops install ai-soc-alert-triager
Summary

Nightly SOC loop: fuses security alerts, maps to MITRE ATT&CK, triages by severity, and runs purple-team drills.

  • Runs nightly, on any harness.
  • Uses skills: security, threat-intelligence, log-analysis, monitoring.
  • Needs the python CLI and the SIEM_API_KEY secret; both are checked at install. Secrets are prompted for at install time and never stored in the file.
  • Runs at the standard capability tier (balanced model); the harness picks the model.
What it does
Each night the loop collects and fuses security alerts from SIEM and log sources, investigates the findings and maps each one to MITRE ATT&CK tactics and techniques, triages them by severity, generates Hunt-as-Code hypotheses for high-severity findings, and runs any purple-team simulation drills configured in the hunt schedule.
LOOP.md
---
name: ai-soc-alert-triager
description: AI Security Operations Center · Nightly SOC loop: fuses security alerts, maps to MITRE ATT&CK, triages by severity, and runs purple-team drills.
schedule: daily @ 02:00
skills: [security, threat-intelligence, log-analysis, monitoring]
requires:
  cli: [python]
  secrets: [SIEM_API_KEY]      # names only
tier: standard            # frontier | standard | fast
effort: medium
concurrency: skip
tags: [security, soc, ops, threat-intel]
license: MIT
---

Each night, collect and fuse security alerts from SIEM and log sources, investigate findings and map each to MITRE ATT&CK tactics and techniques, triage by severity, generate Hunt-as-Code hypotheses for high-severity findings, and run any scheduled purple-team simulation drills configured in the hunt schedule.
Adapted from
beenuar/AiSOC (original author: beenuar)
GitHub Stars
1.5K
First Seen
Jun 30, 2026
License
MIT
Trigger
Nightly